The present invention relates generally to the field of database record access control, and more specifically to a method of and system for controlling access to records in a data store based upon dynamically configurable access rules.
In constructing data store applications to be marketed to certain industries, it is highly beneficial to allow customers the ability to dynamically create logic rules that can be applied against data records as the records are retrieved from a data store. An example of such an application is a health record data store, for use by healthcare providers, hospitals, insurance companies, and the like, in which medical records are stored. These medical records include diagnosis and treatment records for various patients. The records contain information on the nature, date, and location of the diagnosis or treatment.
Medical records in general are highly private and sensitive. Additionally, there are stigmas associated with certain medical conditions, such as sexually transmitted diseases, HIV, substance abuse, and psychological or psychiatric conditions. The knowledge of diagnoses of or treatments for such conditions can have potentially harmful or discriminatory consequences for the person receiving such diagnosis or treatment. Accordingly, only persons having a need to know should have access to medical records in general, and access to medical records containing particularly sensitive information should be highly restricted.
Currently, access to records is controlled either by filtering logic in the application or by tagging each record with a security code or classification when the record is entered into the data store. The security classification is determined with reference to current good practice or governmental regulations. However, good practice and governmental regulations tend to change and evolve over time. New regulations are being written all the time. Information that may be considered relatively non-sensitive at one time may come to be considered highly sensitive at a later time. Thus, complex rule logic may change over time. Logic code embedded in the product may require recompilation either by the customer or the product provider in order to implement new rules. Records tagged with a security identifier applied at the time the records were stored would require migration in order to implement changed access rules.
The present invention provides a method of and system for controlling access to records stored in a database. The method of the present invention queries the database to obtain an initial result set of records. The method of the present invention then applies access rules to the records of the initial result set to obtain a final result set of records. Then, the method of the present invention provides access to records of the final result set according to a user profile for the user requesting the records.
The records are stored in the database with a base value protection code. The method of the present invention tags the records of the initial result set by changing the base value protection code to a final protection code based upon the application of the access rules. The user profile includes at least one protection code and a level of access corresponding to the protection code. The records of the final result set are provided to the user according to the user profile and the final protection code applied to each record.
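The retrieval-time pipeline described above (initial result set, rule-driven re-tagging of the base protection code, delivery according to the user profile), as an added Python illustration that is not part of the patent or any product implementing it; the record fields, rule predicates, protection code values and user profiles are constructed for the example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Record:
    patient_id: str
    diagnosis: str            # constructed category label, not a real code set
    protection_code: int = 0  # base value stored with the record
# Constructed initial result set, as the database query would return it.
INITIAL_RESULT_SET = [
    Record("P001", "fracture"),
    Record("P002", "HIV"),
    Record("P003", "substance abuse"),
    Record("P004", "hypertension", protection_code=1),
]

# Constructed rules (predicate, code to assign): data, not compiled logic.
RULES = [
    (lambda r: r.diagnosis == "HIV", 3),
    (lambda r: r.diagnosis in {"substance abuse", "psychiatric"}, 2),
]

def apply_rules(records, rules):
    """Final result set: each record re-tagged with the highest code of any
    matching rule, never below the base value stored with it."""
    final = []
    for r in records:
        code = max([r.protection_code] + [c for pred, c in rules if pred(r)])
        final.append(replace(r, protection_code=code))
    return final

def provide_access(records, profile):
    """profile maps protection code -> level. Uncovered codes are not
    delivered; 'restricted' withholds the diagnosis; 'full' delivers all."""
    delivered = []
    for r in records:
        level = profile.get(r.protection_code)
        if level == "full":
            delivered.append((r.patient_id, r.diagnosis))
        elif level == "restricted":
            delivered.append((r.patient_id, "<withheld>"))
    return delivered

def retrieve(profile, records=INITIAL_RESULT_SET, rules=RULES):
    """Retrieval-time pipeline: initial set -> rules -> user-profile filter."""
    return provide_access(apply_rules(records, rules), profile)

# Constructed user profiles: a billing clerk and the treating clinician.
CLERK = {0: "full", 1: "full"}
CLINICIAN = {0: "full", 1: "full", 2: "restricted", 3: "full"}
```

Because the final protection code is computed as records are retrieved, adding a rule (for instance one that raises the code for a newly sensitive diagnosis) changes what the clerk sees immediately, with no recompilation and no migration of stored records.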